Veeam Products Multiple Vulnerabilities
RISK: Extremely High Risk
TYPE: Servers - Web Servers
Multiple vulnerabilities were identified in Veeam products. A remote attacker could exploit these vulnerabilities to trigger elevation of privilege, remote code execution, data manipulation, security restriction bypass and sensitive information disclosure on the targeted system.
Note:
CVE-2024-40711 is being exploited in the wild. The vulnerability is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit to trigger remote code execution.
Impact
- Information Disclosure
- Security Restriction Bypass
- Elevation of Privilege
- Data Manipulation
- Remote Code Execution
System / Technologies affected
- Veeam Backup & Replication 12.1.2.172 and all earlier version 12 builds
- Veeam Agent for Linux 6.1.2.1781 and all earlier version 6 builds
- Veeam ONE 12.1.0.3208 and all earlier version 12 builds
- Veeam Service Provider Console 8.0.0.19552 and all earlier version 8 and version 7 builds
- Veeam Backup for Nutanix AHV Plug-In 12.5.1.8 and all earlier version 12 builds
- Veeam Backup for Oracle Linux Virtualization Manager and Red Hat Virtualization Plug-In 12.4.1.45 and all earlier version 12 builds
Solutions
Before installation of the software, please visit the vendor website for more details.
Apply fixes issued by the vendor:
Vulnerability Identifier
- CVE-2024-38650
- CVE-2024-38651
- CVE-2024-39714
- CVE-2024-39715
- CVE-2024-39718
- CVE-2024-40709
- CVE-2024-40710
- CVE-2024-40711
- CVE-2024-40712
- CVE-2024-40713
- CVE-2024-40714
- CVE-2024-40718
- CVE-2024-42019
- CVE-2024-42020
- CVE-2024-42021
- CVE-2024-42022
- CVE-2024-42023
- CVE-2024-42024